This Firefox vulnerability is so bad, the U.S. government is urging users to patch it immediately – PCWorld

This Firefox vulnerability is so bad, the U.S. government is urging users to patch it immediately | PCWorld


<!– –>


<!–
–>



Seriously, go update your browser before you even read this.

pcw firefox primary resized

Mozilla

Today’s Best Tech Deals

Picked by PCWorld’s Editors

Top Deals On Great Products

Picked by Techconnect’s Editors

“);
});
try {
$(“div.lazyload_blox_ad”).lazyLoadAd({
threshold : 0, // You can set threshold on how close to the edge ad should come before it is loaded. Default is 0 (when it is visible).
forceLoad : false, // Ad is loaded even if not visible. Default is false.
onLoad : false, // Callback function on call ad loading
onComplete : false, // Callback function when load is loaded
timeout : 1500, // Timeout ad load
debug : false, // For debug use : draw colors border depends on load status
xray : false // For debug use : display a complete page view with ad placements
}) ;
}
catch (exception){
console.log(“error loading lazyload_ad ” + exception);
}
});

We’re just 10 days into 2020, and already we have our first critical security flaw. It comes from Mozilla’s popular Firefox browser, and it’s so dangerous, the Homeland Security Cybersecurity and Infrastructure Security Agency is warning users about it.

The good news is that it’s already been patched. The bad news is that it’s already being exploited in the wild. And it’s about as bad as it can get. In technical terms, as Mozilla explains, “Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. That means that an attacker could exploit the Javascript code to surreptitiously hack a user’s PC and install malicious code outside of Firefox. Mozila says it is “aware of targeted attacks in the wild abusing this flaw,” but doesn’t give any information about how widespread the attacks are.

The Department of Homeland Security echoed that warning and urged users to “apply the necessary updates.” The government regularly tracks malware and vulnerabilities, but rarely do consumer apps rise to the level of a cyber alert.

The bug was first detected by Chinese security company Qihoo 360 just two days after the initial update was released, according to TechCrunch. The vulnerability is patched in Firefox 72.0.1 and Firefox Extended Support Release (ESR) 68.4.1. Firefox should check for updates immediately upon launch, but if you’ve disabled that setting, you can update your browser in the General tab inside settings.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our
affiliate link policy for more details.

Leave a Reply

Your email address will not be published. Required fields are marked *